Intelligent step presentation

ABSTRACT

An apparatus for and method of utilizing an Internet terminal coupled to the world wide web to interface with an existing proprietary data base management system by permitting a developer to create a web based service that produces a table result. This result can be rendered to the web either by a Cool ICE Script or by an Active Server Page. The table may appear either as an HTML table or a graph. The service is defined as a plurality of ordered, discreet, and independent steps. Each step may be created and/or edited independently of all other steps. To assist the service developer, the system presents a choice of available steps to be added into the sequence at any particular point. The only steps so presented are valid for the position within the sequence. Invalid steps are not presented.

CROSS REFERENCE TO CO-PENDING APPLICATIONS

U.S. patent application Ser. No. 09/164,759, filed Oct. 1, 1998, andentitled, “A Common Gateway Which Allows Applets to Make Program Callsto OLTP Applications Executing on an Enterprise Server”, now U.S. Pat.No. 6,397,220, issued on May 28, 2002; U.S. patent application Ser. No.09/164,932, filed Oct. 1, 1998, and entitled, “A Multi-Client UserCustomized DOM Gateway for an OLTP Enterprise Server Application”; U.S.patent application Ser. No. 09/164,908, filed Oct. 1, 1998, andentitled, “An Automated Development System for Developing Applicationsthat Interface with Both Distributed Component Object Model (DOM) andEnterprise Server Environments”; U.S. patent application Ser. No.09/164,933, filed Oct. 1, 1998, and entitled, “Providing a ModularGateway Architecture Which Isolates Attributes of the Client and ServerSystems into Independent Components”; U.S. patent application Ser. No.09/164,862, filed Oct. 1, 1998, and entitled, “Making CGI Variables andCookie Information Available to an OLTP System”; U.S. patent applicationSer. No. 09/164,623, filed Oct. 1, 1998, and entitled, “A Gateway forDynamically Providing Web Site Status Information”; U.S. patentapplication Ser. No. 09/164,756, filed Oct. 1, 1998, and entitled,“Development System for Automatically Enabling a Server Application toExecute with an XATMI-complaint transaction MGR:Managing Transactionswithin Multiple Environments”; U.S. patent application Ser. No.09/189,053, filed Nov. 9, 1998, and entitled, “Cool ICE BatchInterface”; U.S. patent application Ser. No. 09/189,381, filed Nov. 9,1998, and entitled, “Cool ICE Debug”; U.S. patent application Ser. No.09/188,628, filed Nov. 9, 1998, and entitled, “Cool ICE WorkstationDirectory/File Browser”; U.S. patent application Ser. No. 09/188,640,filed Nov. 9, 1998, and entitled, “Cool ICE Icons”; U.S. patentapplication Ser. No. 09/188,738, filed Nov. 9, 1998, and entitled, “CoolICE Service Templates”; U.S. patent application Ser. No. 09/189,383,filed Nov. 9, 1998, and entitled, “Automatic Footer Text on HTML Pages”;U.S. patent application Ser. No. 09/189,615, filed Nov. 9, 1998, andentitled, “Availability Message”; U.S. patent application Ser. No.09/189,612, filed Nov. 9, 1998, and entitled, “Cool ICE SystemSettings”; U.S. patent application Ser. No. 09/188,807, filed Nov. 9,1998, and entitled, “Cool ICE Service Handler”; U.S. patent applicationSer. No. 09/189,611, filed Nov. 9, 1998, and entitled, “Server SideVariables”; U.S. patent application Ser. No. 09/188,629, filed Nov. 9,1998, and entitled, “Cool ICE Data Wizard”; U.S. patent application Ser.No. 09/189,365, filed Nov. 9, 1998, and entitled, “Cool ICE TableProfiling”; U.S. patent application Ser. No. 09/188,649, filed Nov. 9,1998, and entitled, “Cool ICE Column Profiling”; U.S. patent applicationSer. No. 09/448,154, filed Nov. 24, 1999, and entitled, “Method andApparatus for a Web Application Server to Provide for Web UserValidation”; U.S. patent application Ser. No. 09/448,169, filed Nov. 24,1999, and entitled, “Method and Apparatus for a Web Application Serverto Upload Multiple Files and Invoke a Script to Use the Files in aSingle Browser Request”; U.S. patent application Ser. No. 09/448,164,filed Nov. 24, 1999, and entitled, “Method and Apparatus for a WebApplication Server to Provide an Administration System Using a Dual Setof Tiered Groups of Objects”; U.S. patent application Ser. No.09/189,160, filed Nov. 9, 1998, and entitled, “Cool ICE DatabaseProfiling”; U.S. patent application Ser. No. 09/448,164, filed Nov. 24,1998, and entitled, “Cool ICE Data Wizard Calculation Service”; U.S.patent application Ser. No. 09/449,213, filed Nov. 24, 1999, andentitled, “Cool ICE Data Wizard Security Service”; U.S. patentapplication Ser. No. 09/449,214, filed Nov. 24, 1999, and entitled,“Cool ICE Data Wizard Join Service”; U.S. patent application Ser. No.09/449,244, filed Nov. 24, 1999, and entitled, “Cool ICE Data WizardAnalysis Service”; U.S. patent application Ser. No. 09/691,662, filedNov. 11, 2000, and entitled, “Method and Apparatus For Dynamic TracingInformation From Multiple Components of an Application into a CommonTrace File”; U.S. patent application Ser. No. 09/727,607, filed Dec. 1,2000, and entitled, “Dynamically Building a Web-Based Applications'sUser Interface From Multiple Components”; U.S. patent application Ser.No. 09/691,663, filed Oct. 18, 2000, and entitled, “Method and Apparatusfor Generic Trace Policy”; U.S. patent application Ser. No. 09/728,694,filed Dec. 1, 2000, and entitled, “Component Design By Tables WithinTables”; U.S. patent application Ser. No. 09/822,676, filed Mar. 30,2001, and entitled, “Cool ICE Data Wizard Select Source”; U.S. patentapplication Ser. No. 09/822,686, filed Mar. 30, 2001, and entitled,“Step Architecture for Building Services”; and U.S. patent applicationSer. No. 09/188,725, filed Nov. 9, 1998, and entitled, “Cool ICE StateManagement” are commonly assigned co-pending applications incorporatedherein by reference.

BACKGROUND OF THE INVENTION

1. Field of the Invention

The present invention generally relates to data base management systemsand more particularly relates to enhancements for dynamically buildingand utilizing customized services from a user terminal via the Internet.

2. Description of the Prior Art

Data base management systems are well known in the data processing art.Such commercial systems have been in general use for more than 20 years.One of the most successful data base management systems is availablefrom Unisys Corporation and is called the MAPPER® data base managementsystem. The MAPPER system can be reviewed using the MAPPER User's Guidewhich may be obtained from Unisys Corporation.

The MAPPER system, which runs on proprietary hardware also availablefrom Unisys Corporation, provides a way for clients to partition databases into structures called cabinets, drawers, and reports as a way tooffer a more tangible format. The MAPPER data base manager utilizesvarious predefined high-level instructions whereby the data base usermay manipulate the data base to generate human-readable datapresentations. The user is permitted to prepare lists of the variouspredefined high-level instructions into data base manager programscalled “MAPPER Runs”. Thus, users of the MAPPER system may create,modify, and add to a given data base and also generate periodic and aperiodic updated reports using various MAPPER Runs.

However, with the MAPPER system, as well as with similar proprietarydata base management systems, the user must interface with the data baseusing a terminal coupled directly to the proprietary system and mustaccess and manipulate the data using the MAPPER command language ofMAPPER. Ordinarily, that means that the user must either be co-locatedwith the hardware which hosts the data base management system or must becoupled to that hardware through dedicated data links. Furthermore, theuser usually needs to be schooled in the command language of MAPPER (orother proprietary data base management system) to be capable ofgenerating MAPPER Runs.

Since the advent of large scale, dedicated, proprietary data basemanagement systems, the internet or world wide web has come into being.Unlike closed proprietary data base management systems, the internet hasbecome a world wide bulletin board, permitting all to achieve nearlyequal access using a wide variety of hardware, software, andcommunication protocols. Even though some standardization has developed,one of the important characteristics of the world wide web is itsability to constantly accept new and emerging techniques within a globalframework. Many current users of the internet have utilized severalgenerations of hardware and software from a wide variety of suppliersfrom all over the world. It is not uncommon for current day youngchildren to have ready access to the world wide web and to havesubstantial experience in data access using the internet.

Thus, the major advantage of the internet is its universality. Nearlyanyone, anywhere can become a user. That means that virtually allpersons are potentially internet users without the need for specializedtraining and/or proprietary hardware and software. One can readily seethat providing access to a proprietary data base management system, suchas MAPPER, through the internet would yield an extremely inexpensive anduniversally available means for accessing the data which it contains andsuch access would be without the need for considerable specializedtraining.

There are two basic problems with permitting internet access to aproprietary data base. The first is a matter of security. Because theinternet is basically a means to publish information, great care must betaken to avoid intentional or inadvertent access to certain data byunauthorized internet users. In practice this is substantiallycomplicated by the need to provide various levels of authorization tointernet users to take full advantage of the technique. For example, onemight have a first level involving no special security featuresavailable to any internet user. A second level might be for specificcustomers, whereas a third level might be authorized only for employees.One or more fourth levels of security might be available for officers orothers having specialized data access needs.

Existing data base managers have security systems, of course. However,because of the physical security with a proprietary system, a certaindegree of security is inherent in the limited access. On the other hand,access via the internet is virtually unlimited which makes the securityissue much more acute.

Current day security systems involving the world wide web involve thepresentation of a user-id and password. Typically, this user-id andpassword either provides access or denies access in a binary fashion. Tooffer multiple levels of secure access using these techniques would beextraordinarily expensive and require the duplication of entiredatabases and or substantial portions thereof. In general, theadvantages of utilizing the world wide web in this fashion to access aproprietary data base are directly dependent upon the accuracy andprecision of the security system involved.

The second major problem is imposed by the internet protocol itself. Oneof the characteristics of the internet which makes it so universal isthat any single transaction in HTML language combines a single transfer(or request) from a user coupled with a single response from theinternet server. In general, there is no means for linking multipletransfers (or requests) and multiple responses. In this manner, theinternet utilizes a transaction model which may be referred to as“stateless”. This limitation ensures that the internet, its users, andits servers remain sufficiently independent during operation that no oneentity or group of entities can unduly delay or “hang-up” thecommunications system or any of its major components. Each transmissionresults in a termination of the transaction. Thus, there is no generalpurpose means to link data from one internet transaction to another,even though in certain specialized applications limited amounts of datamay be coupled using “cookies” or via attaching data to a specific HTMLscreen.

However, some of the most powerful data base management functions orservices of necessity rely on coupling function attributes and data fromone transaction to another in dialog fashion. In fact this linking is ofthe essence of MAPPER Runs which assume change of state from one commandlanguage statement to the next. True statelessness from a first MAPPERcommand to the next or subsequent MAPPER command would preclude much ofthe power of MAPPER (or any other modern data base management system) asa data base management tool and would eliminate data base management aswe now know it.

Providing the system with the capability to save the needed informationfrom transaction to transaction permits applications to be developed fora true dialog-type interface between the legacy data base managementsystem and an Internet terminal. To make maximum use of the databasemanagement system from the Internet terminal, it is necessary toconveniently build components which perform tasks involving the databasefrom a user terminal. However, scripting components, as is common in theprior art, provides a cumbersome method of generating components fromvia a basically graphical interface. Furthermore, it is oftenadvantageous to utilize data from a number of different databases storedin a number of different formats to respond to a single service request.It is also problematic when the developer of a service is free to addillegal operations to a service.

SUMMARY OF THE INVENTION

The present invention overcomes the disadvantages of the prior art byproviding a method of and apparatus for building multiple componentsfrom an Internet terminal for access of a legacy data base managementsystem. In order to permit any such access, the present invention mustfirst provide an interface herein referred to generically as a gateway,which translates transaction data transferred from the user over theinternet in HTML format into a format from which data base managementsystem commands and inputs may be generated. The gateway must alsoconvert the data base management system responses and outputs for usageon the user's internet terminal. Thus, as a minimum, the gateway mustmake these format and protocol conversions. In the preferred embodiment,a number of gateways reside in the web server coupled to the user viathe world wide web and coupled to proprietary data base managementsystem.

To make access to a proprietary data base by internet users practical, asophisticated security system is required to prevent intentional orinadvertent unauthorized access to the sensitive data of anorganization. As discussed above, such a security system should providemultiple levels of access to accommodate a variety of authorized usercategories. In the preferred embodiment of the present invention, ratherthan defining several levels of data classification, the differentclasses of users are managed by identifying a security profile as aportion of those service requests requiring access to secure data. Thus,the security profile accompanies the data/service to be accessed. Userinformation is correlated to the access permitted. This permits certainlevels of data to be accessed by one or more of the several classes ofuser.

In the preferred mode of practicing the present invention, a given useris correlated with a security profile. Upon preparation of the servicerequest which provides internet access to a given portion of the database, the service request developer specifies which security profilesare permitted access to the data or a portion thereof. The servicerequest developer can subsequently modify the accessibility of anysecurity profile. The utility of the system is greatly enhanced bypermitting the service request developer to provide access to predefinedportions of the data, rather than being limited to permit or deny accessto all of the data involved.

The present invention also permits the system to modify and redefine thesecurity profiles during operation. In accordance with the preferredtechnique, the is system administrator can access an individual user anddirectly modify the security profile just for that user. This isaccomplished by calling up an HTML page for the selected user showingthe security profile of record. The system administrator makes changesas appropriate. The Data Wizard Security Service generates scriptassociated with the security profile change which provides the selecteduser with the new set of access privileges.

Whereas the gateway and the security system are the minimum necessary topermit the most rudimentary form of communication between the internetterminal of the user and the proprietary data base management system, asexplained above, the internet is a “stateless” communication system; theaddition of the gateway and the security system do not change thisstatelessness. To unleash the real power of the data base managementsystem, the communication protocol between the data base and the userrequires functional interaction between the various data transfers.

The present invention adds security management and state management tothis environment. Instead of considering each transfer from the internetuser coupled with the corresponding server response as an isolatedtransaction event as defined by the world wide web, one or more relatedservice requests may be functionally associated in a service requestsequence as defined by the data base management system into a dialog.

A repository is established to store the state of the service requestsequence. As such, the repository can store intermediate requests andresponses, as well as other data associated with the service requestsequence. Thus, the repository buffers commands, data, and intermediateproducts utilized in formatting subsequent data base management servicerequests and in formatting subsequent data to be available to the user'sbrowser.

The transaction data in HTML format received by the server from theuser, along with the state information stored in the repository, areprocessed by a service handler into a sequence of service requests inthe command language of the data base management system.

Through the use of the repository to store the state of the servicerequest sequence, the service handler to execute data base managementcommands, the world wide web user is capable of performing each andevery data base management function available to any user, including auser from a proprietary terminal having a dedicated communication linkwhich is co-located with the proprietary data base management systemhardware and software. In addition, the data base management system userat the world wide web terminal is able to accomplish this, withoutextensive training concerning the command language of the data basemanagement system.

In accordance with the preferred mode of the present invention, the CoolICE Data Wizard provides a web based interface that allows a developerto create a web based service that joins tables from MAPPER Reports,MAPPER runs, databases that are ODBC compliant, and many RDMS, andMAPPER. This service renders the resulting table to the web. This resultcan be rendered to the web either by a Cool ICE Script or by an ActiveServer Page.

In accordance with the present invention, a customized user interface isbuilt from multiple components stored in the proprietary databasemanagement system. Unlike previous approaches, the web-based servicecomponent is split into multiple components: an application servicecomponent, a screen component, a receiving service component, and a newtemplate component.

The screen component calls the template component, which collects all ofthe indexed pieces that it needs from within the proprietary databaseand displays this dynamically built data in the browser. When an actionagainst the data is initiated from the browser, the receiving servicecomponent is called to perform the specified action and then inform theuser that the action has completed. These multiple components seamlesslyinteract to build a consistent user interface that can easily betailored to meet users' presentation and performance needs.

By separating the code into multiple components, this new architectureallows adaptability to the user's environment, ease of maintenance, andease of localization. Users can easily alter the look-and-feel of theuser interface by making changes to the new template component. Forexample, changes to layout, color, use of graphics, or addition of acompany-specific logo can quickly and easily be done by simply makingchanges to the template component. By choosing to exclude largegraphical elements from the template component, performance enhancementsmay also be realized. In addition, the template component gives the usera wide range of languages in which to program their user interfaceincluding HTML, HDML, XML, WML, JavaScript, Vbscript, and WMLscript.This tremendous flexibility gives the user a fast and effective way totailor their user interface.

The primary objective of this customized user interface is to easecomponent building by the user. Unlike traditional approaches, thepresent invention permits the user to define a component via a series ofinterrelated tables rather than a sequence of script. With thistechnique, the design records the data manipulation process as onecomposite large table in which each step (or task) is a sub table. Eachstep table can (independently of other steps) define and maintain one ormore sub tables within the step description.

This table design is facilitated by the easy creation and modificationof tables in the Cool ICE repository. The design is based on a centralprocess driver for the editing process and individual steps that honor asimple set of minimum requests. The central process (or componentbuilder) presents the list of steps that can be used to construct aprocess, dispatches the work to a step when needed, and calls for a stepto: build initial step data, edit step data, describe itself, sense andadjust for prior steps, and compile itself. The central editing processmaintains the data regarding the state of processing before and aftereach step.

A component (i.e., task with a database table result) stored as asequence of tabular steps instead of script is unique. Because there isno syntactical language to parse, editing involves showing the databaseelements on a page, offering a limited set of appropriate choices, andrecording modified choices back as a set of tables. This directlycorresponds to the graphical user interface most appreciated by typicalInternet users. Script for the description of process steps is an outputproduct of the tables, instead of the other way around.

Thus, the Cool ICE Data Wizard provides a web based interface thatallows a developer to create a web based service that produces a tableresult. This result can be rendered to the web either by a Cool ICEScript or by an Active Server Page (ASP). The table may appear either asan HTML table or a graph. In accordance with the present invention, CoolICE Data Wizard provides for both storage and retrieval of tables. Itstores the definition of a table in such a way that its specificationmay be re-edited, or included in a component where it may be followed byother steps which further manipulate it or join it with other tables.Similarly, it permits retrieval of tables from different databases anddifferent types of database, joins them, and render them suitable fortransmission on the web.

The information that is used to describe the actions that a Data Wizardgenerated Cool ICE service will perform is kept as an ordered set ofdiscreet steps, where the information for each step is in anencapsulated environment. Each step can be created and editedindividually by a wizard-type graphical user interface. The informationkept for one step does not interact with or interfere with theinformation kept for another step. And, the code that will perform theactions for each step can be generated in a simple, linear processing ofthe steps.

To assist the developer with the creation of a service, the Cool ICEsystem presents him/her with a choice of steps to add within thesequence. However, the choice of steps that the Cool ICE Data WizardComponent Builder presents to a developer is dynamically chosen based onthe type of component being built, the current steps in the component,and the position where the developer specifies a new step is to beplaced. Only those steps that are valid for the specified position arepresented to the developer for selection.

BRIEF DESCRIPTION OF THE DRAWINGS

Other objects of the present invention and many of the attendantadvantages of the present invention will be readily appreciated as thesame becomes better understood by reference to the following detaileddescription when considered in connection with the accompanyingdrawings, in which like reference numerals designate like partsthroughout the figures thereof and wherein:

FIG. 1 is pictographic view of the Cool ICE system coupled between auser on the world wide web and an existing proprietary data basemanagement system;

FIG. 2 is a schematic drawing showing the operation of a multi-levelsecurity system in accordance with the preferred embodiment of thepresent invention;

FIG. 3 is a pictographic view of the hardware of the preferredembodiment;

FIG. 4 is a semi-schematic diagram of the operation of the Cool ICEsystem;

FIG. 5 is an overall schematic view of the software of the Cool ICEsystem;

FIG. 6 is a schematic view of a service request;

FIG. 7 shows a schematic view of a service request sequence;

FIG. 8 is a diagrammatic comparison between a dialog-based structure anda service-based structure;

FIG. 9 is a detailed diagram of the storage and utilization of stateinformation within the repository;

FIG. 10 is a detailed diagram showing security profile verificationduring a service request;

FIG. 11 is a flow diagram showing the operation of the Cool ICE DataWizard;

FIG. 12 is a detailed flow diagram showing the basic Data Wizardfunctions;

FIG. 13 is a flow diagram showing the role of the Cool ICEAdministration module;

FIG. 14 is a diagram showing utilization of the Cool ICE Data Wizard;

FIG. 15 is a flow diagram showing operation of the Data Wizard JoinService;

FIG. 16 is a detailed flow diagram for Join Service;

FIG. 17 is a detailed flow diagram of the Utrace architecture;

FIG. 18 is a detailed table of the registry settings for initiallytracing for an application;

FIG. 19 is a flow chart showing the generic trace process;

FIG. 20A is a table showing typical definitions for policy trace flags;

FIG. 20B is a table showing a typical run-time trace call;

FIG. 21 is a detailed flow chart showing branching from the Data WizardMain Menu;

FIG. 22, consisting of FIG. 22A, FIGS. 22 b, and 22C, is a detailed flowchart showing operation of the Query Builder;

FIG. 23 is a detailed flow chart showing completion of the Query Builderprocess;

FIG. 24 is a view of the Cool ICE Data Wizard home screen;

FIG. 25 is a view of the Cool ICE Data Wizard data flow in componentbuilding;

FIG. 26 is an over all flow chart of the Data Wizard Select Source;

FIG. 27 is a detailed flow chart for Updblinfo;

FIG. 28 is a detailed flow chart for UpdataStepData;

FIG. 29 is a detailed flow chart for UpColinfo;

FIG. 30 is a detailed flow chart for UpdWhereinfo;

FIG. 31 is a detailed flow chart for UpdOrderinfo;

FIG. 32 is a detailed flow chart for FinishSource;

FIG. 33 is a detailed flow chart for BuildNativeCompo;

FIG. 34 is a detailed flow chart for RetrieveTablesAndJoinViaMQL; and

FIG. 35 is a detailed flow chart for JoinViaMQL.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS

The present invention is described in accordance with several preferredembodiments which are to be viewed as illustrative without beinglimiting. These several preferred embodiments are based upon MAPPER database management system, and the Cool ICE software components, allavailable from Unisys Corporation.

FIG. 1 is an overall pictographic representation of a system 10permitting access to a proprietary data base management system via aninternet terminal. Existing data bases and applications 12 representscommercially available hardware and software systems which typicallyprovide select users with access to proprietary data and data basemanagement functions. In the preferred embodiment, existing data basesand applications 12 represents one or more data bases prepared usingMAPPER data base management system, all available from UnisysCorporation. Historically, existing data bases and applications 12 couldonly be accessed from a dedicated, direct terminal link, eitherphysically co-located with the other system elements or connectedthereto via a secured dedicated link.

With the preferred mode of the present invention, communication betweennew web application terminal 14 and existing data bases and applications12 is facilitated. As discussed above, this permits nearly universalaccess by users world wide without specialized hardware and/or usertraining. The user effects the access using standardized HTMLtransaction language through world wide web link 16 to the Cool ICEsystem 20, which serves as a world wide web server to world wide weblink 16.

Cool ICE system 20 appears to existing data bases and applications 12 asa data base management system proprietary user terminal over dedicatedlink 18. Oftentimes, dedicated link 18 is an intranet or other localizedlink. Cool ICE system 20 is currently available in commercial form asCool ICE Revision Level 2.1 from Unisys Corporation.

FIG. 2 is a basic schematic diagram of security system 22 of thepreferred mode of the present invention. By way of example, there arefour categories of service defined, each with its own functionality andportion of the data base. Service A 36 contains data and functions whichshould only be made available to customers. Service B 38 contains dataand functions which should only be made available to customers oremployees. Service C 40 contains data and functions which should only bemade available to employees, and Service D 42, containing the leastrestrictive data and functions may be made available to anyone,including the general public.

In a typical application, Service D 42 might contain the general homepage information of the enterprise. It will consist of only the mostpublic of information. It is likely to include the name, address, e-mailaddress, and phone number of the enterprise, along with the most publicof the business details. Usually, Service D 42 would include means ofpresenting the information in a sufficiently interesting way to enticethe most casual of the public user to make further inquiry and thusbecome more involved with the objectives of the enterprise. Service D 42represents the lowest level of security with data and functionsavailable to all.

Service C 40 is potentially the highest level of classification. Itcontains data and functions which can be made available only toemployees. In actual practice, this might entail a number of sub levelscorresponding to the various levels of authority of the variousemployees. However, some services may be so sensitive that theenterprise decides not to provide any access via the internet. Thismight include such things as strategic planning data and tools, advancedfinancial predictions, specific information regarding individualemployees, marketing plans, etc. The penalty for this extreme securitymeasure is that even authorized individuals are prohibited fromaccessing these services via the internet, and they must take thetrouble to achieve access via an old-fashioned dedicated link.

Customers and employees may share access to Service B 38. Nevertheless,these data and functions are sufficiently sensitive that they are notmade public. Service B 38 likely provides access to productspecifications, delivery schedules and quantities, and pricing.

For customer access only is Service A 36. One would expect marketinginformation, along with specific account information, to be availablehere.

These four service levels (i.e., Service A 36, Service B 38, Service C40, and Service D 42) are regulated in accordance with three securityprofiles. The lowest level of security does not require a securityprofile, because any member of the general public may be granted access.This can be readily seen as guest category 28 (e.g., a member of thepublic) can directly access Service D 42. Of course, all othercategories of user may also directly access Service D 42, because allmembers of the more restrictive categories (e.g., customers andemployees) are also members of the general public (i.e., the leastrestrictive category).

Security Profile #1, 30 permits access to Service A 36 if and only ifthe requestor seeking access is a customer and therefore a member ofcustomer category 24. Members of customer category 24 need to identifythemselves with a customer identification code in order to gain access.The assigning and processing of such identification codes are well knownto those of skill in the art.

Similarly, Security Profile #3, 34 permits access to Service C 40 if andonly if the requestor seeking access is an employee and therefore amember of employee category 26. Security Profile #2, 32 permits accessto Service B 38 to requesters from either customer category 24 oremployee category 26, upon receipt of a customer identification code oran employee identification code. A more detailed description of thesecurity system of the preferred mode of the present invention is foundbelow.

FIG. 3 is a pictorial diagram of hardware suite 44 of the preferredembodiment of the present invention. The client interfaces with thesystem via internet terminal 46. Terminal 46 is an industry compatible,personalized computer having a suitable web browser, all being readilyavailable commercial products. Internet terminal 46 communicates overworld wide web access 48 using standardized HTML protocol.

The Cool ICE system is resident in web server 50, which is coupled tointernet terminal 46 via world wide web access 48. In the preferredmode, web server 50 is owned and operated by the enterprise owning andcontrolling the proprietary data base management system. Web server 50may serve as the internet access provider for internet terminal 46. Webserver 50 may be a remote server site on the internet if the shownclient has a different internet access provider. This would ordinarilyoccur if the shown client were a customer or guest.

In addition to being coupled to world wide web access 48, web server 50,containing the Cool ICE system, can be coupled to network 52 of theenterprise as shown. Network 52 provides the system with communicationfor additional enterprise business purposes. Thus, The Cool ICEapplication or web server 50 and others granted access may communicatevia network 52 within the physical security provided by the enterprise.Also coupled to network 52 is departmental server 58 having departmentalserver storage facility 60. Additional departmental servers (not shown)may be coupled to network 52. The enterprise data and enterprise database management service functionality typically resides withinenterprise server 54, departmental server 58, and any other departmentalservers (not shown). Normal operation in accordance with the prior artwould provide access to this data and data base management functionalityvia network 52 to users directly coupled to network 52.

In the preferred mode of the present invention, access to this data anddata base management functionality is also provided to users (e.g.,internet terminal 46) not directly coupled to network 52, but indirectlycoupled to network 52 via web server 50 and the Cool ICE Serverapplication components. As explained below in more detail, web server 50provides this access utilizing the Cool ICE system resident in webserver 50.

FIG. 4 is pictographic view of the system of FIG. 3 with particulardetail showing the organization and operation of the Cool ICE system 62,which is resident in the web server (see also FIG. 3). In this view, theclient accesses the data base management system within the enterprisevia internet terminal 54 which is coupled to the web server 68 by worldwide web path 66. Again, the internet terminal 54 is preferably anindustry standard computer utilizing a commercially available webbrowser.

The basic request/response format of the Cool ICE system involves a“service” (defined in greater detail below) which is an object of theCool ICE system. The service is a predefined operation or relatedsequence of operations which provide the client with a desired static ordynamic result. The services are categorized by the language in whichthey were developed. Whereas all services are developed with client-sidescripting which is compatible with internet terminal 54 (e.g., HTML),the server-side scripting defines the service category. Native servicesutilize Cool ICE script for all server-side scripting. On the otherhand, open services may have server-side scripting in a variety ofcommon commercial languages including Jscript, VBScript, ActiveXcontrols, and HTML. Because native services are developed in the CoolICE script (run) language, greater development flexibility and varietyare available with this technique.

Web server 68 provides processor 70 for Active Server Pages (ASP's)which have been developed as open services 72 and a Default ASP 73 forinvoking native services. After the appropriate decoding within a nativeor open service, a call to the necessary Cool ICE object 74 is initiatedas shown. The selected service is processed by the Cool ICE engine 76.

Repository 80 is a storage resource for long term storage of the CoolICE service scripts and short term storage of the state of a particularservice. Further details concerning repository 80 may be found byconsulting the above referenced, commonly-assigned, co-pending U.S.Patent Application. In the preferred mode of the present invention, theservice scripts stored in repository 80 are typically very similar toMAPPER runs as described above. For a more detailed description ofMAPPER runs, Classic MAPPER User Manual is available from UnisysCorporation and incorporated herein by reference.

Cool ICE engine 76 sequences these previously stored command statementsand can use them to communicate via network 84 with other data basemanagement system(s) (e.g., MAPPER) resident on enterprise server 86and/or departmental server 88. The storage capability of repository 80is utilized by Cool ICE engine 76 to store the state and intermediateproducts of each service until the processing sequence has beencompleted. Following completion, Cool ICE engine 76 retrieves theintermediate products from repository 80 and formats the output responseto the client, which is transferred to internet terminal 54 via webserver 68 and world wide web path 66.

Cool ICE Administrator 82 is available for coordination of the operationof Cool ICE system 62 and thus can resolve conflicts, set run-timepriorities, deal with security issues, and serve as a developmentalresource. Graphing engine 78 is available to efficiently providegraphical representations of data to be a part of the response of aservice. This tends to be a particularly useful utility, because many ofthe existing data base management systems have relatively sparseresources for graphical presentation of data.

The combination of Cool ICE object 74, Cool ICE engine 76, andrepository 80 permits a rather simplistic service request from internetterminal 54 in dialog format to initiate a rather complex series of database management system functions. In doing so, Cool ICE engine 76emulates an intranet user of the data base management system(s) residenton enterprise server 86 and/or departmental server 88. This emulation isonly made possible, because repository 80 stores sequences of commandlanguage statements (i.e., the logic of the service request) andintermediate products (i.e., the state of the service request). It isthese functions which are not available in ordinary dialog on the worldwide web and are therefore not even defined in that environment.

FIG. 5 is a schematic diagram 90 of the software components of the CoolICE system and the software components to which it interfaces in thepreferred mode of the present invention. The client user of the Cool ICEsystem interfaces directly with web browser 92 which is resident oninternet terminal 54 (see also is FIG. 4). Web browser 92 is acommercially available browser. The only special requirement of webbrowser 92 is that it be capable of supporting frames.

Web browser 92 communicates with web server software 96 via internetstandard protocol using HTML language using world wide web path 94. Webserver software 96 is also commercially available software, which is, ofcourse, appropriate for to the web server host hardware configuration.In the preferred mode of the present invention, web server software 96is hosted on Windows ITS-based server available from MicrosoftCorporation.

Cool ICE system software 98 consists of Cool ICE Object {the gateway)100, Cool ICE service handler 102, Cool ICE administration 104, Cool ICErepository 106, and Cool ICE Scripting Engine 108. It is these fivesoftware modules which establish and maintain an interface to web serversoftware 96 using com interfaces and interface to Cool ICE's internaland external data base management system.

Cool ICE object 100 is the interface between standard, commerciallyavailable, web server software 96 and the internal Cool ICE systemscripting engine with its language and logic facilities. As such, CoolICE object 100 translates the dialog format, incoming HTML servicerequest into internal Cool ICE requests for service. Intrinsic in thistranslation is a determination of the service category (see also FIG.4)—that is whether the service request is a native service (i.e., with adefault Cool ICE server-side scripting) or an open service (i.e., withserver-side scripting in another commercial language using the Cool ICEobject 100).

The service request, received from Cool ICE object 100, is utilized byCool ICE service handler 102 to request the corresponding service actionscript from Cool ICE repository 106 and to open temporary state storageusing Cool ICE repository 106. Cool ICE service handler 102 sequencesthrough the service input variables of the object received from Cool ICEobject 100 and transfers each to Cool ICE repository 106 for temporarystorage until completion of the service request. Cool ICE servicehandler 102 retrieves the intermediate products from Cool ICE repository106 upon completion of the service request and formulates the Cool ICEresponse for transfer to browser 92 via web server software 96 and worldwide web path 94.

Cool ICE administration 104 implements automatic and manual control ofthe process. It provides for record keeping, for resolution of certainsecurity issues, and for development of further Cool ICE objects.Interconnect 110 and interconnect 112 are software interface modules forcommunicating over the enterprise network (see also FIG. 4). Thesemodules are dependent upon the remaining proprietary hardware andsoftware elements coupled to the enterprise network system. In thepreferred mode of the present invention, these are commerciallyavailable from Unisys Corporation.

FIG. 6 is a schematic diagram 116 showing the processing of a servicerequest by the Cool ICE system. Screen 118 is the view as seen by theclient or user at an internet terminal (see also FIG. 4). This screen isproduced by the commercially available browser 120 selected by the user.Any such industry standard browser is suitable, if it has the capabilityto handle frames. The language of screen 118 is HTML 124. Hyperlinks 126is used in locating the URL of the Cool ICE resident server. Thecomponents of the URL are as follows. In many instances, this willsimply be the internet access provider of the internet terminal, as whenthe internet terminal is owned by the enterprise and the user is anemployee. However, when the user is not an employee and the internetterminal is not necessarily owned by the enterprise, it becomes morelikely that hyperlinks 126 identifies a remotely located server.

Icon 122 is a means of expressly identifying a particular servicerequest. Such use of an icon is deemed to be unique. Additional detailconcerning this use of an icon is available in the above identified,commonly assigned, co-pending U.S. Patent application. Window area 128provides for the entry of any necessary or helpful input parameters. Notshown are possible prompts for entry of this data, which may be definedat the time of service request development. Submit button provides theuser with a convenient means to transmit the service request to the webserver in which the Cool ICE system is resident.

Upon “clicking on” submit button 130, screen 118 is transmitted to webserver 136 via world wide web path 132. As discussed above, world wideweb path 132 may be a telephonic dial-up of web server 136 or it mightbe a long and complex path along the internet if web server 136 isremote from the originating internet terminal. Web server 136 is thesoftware which performs the retrieval of screen 118 from world wide webpath 132.

Screen 118 is transferred from web server 136 to Cool ICE object 138,wherein it is converted to the internal Cool ICE protocol and language.A browser input is opened at storage resource 166 via paths 150 and 151.Thus the initial service request can be accessed from storage resource166 during processing up until the final result is transferred back tothe user. This access readily permits multi-step and iterative servicerequest processing, even though the service request was transferred as asingle internet dialog element. This storage technique also providesinitially received input parameters to later steps in the processing ofthe service request.

Cool ICE object 138 notifies Cool ICE service handler 156 through theCool ICE Engine Interface 157 that a service request has been receivedand logged in. The service request itself is utilized by Cool ICEservice handler 156 to retrieve a previously stored sequence of database management system command statements from repository 166. Thus, inthe general case, a single service request will result in the executionof a number of ordered data base management system commands. The exactsequence of these commands is defined by the service request developeras explained in more detail below.

Service input parameters 170 is prepared from the service request itselfand from the command sequence stored in repository 166 as shown by paths164 and 165. This list of input parameters is actually stored in adedicated portion of repository 166 awaiting processing of the servicerequest.

Each command statement from repository 166 identified with the servicerequest object is sequentially presented to a Cool ICE service 168 forprocessing via path 160. The corresponding input parameters 170 iscoupled with each command statement via path 176 to produce anappropriate action of the enterprise data base management system at CoolICE service 168. After the enterprise data base management system hasresponded to a given query, the intermediate products are stored asentries in HTML document 172 which is also stored in a dedicated portionof repository 166.

After all command statements corresponding to the service request havebeen processed by the enterprise data base management system and HTMLdocument 172 has been completed, the result is provided via path 158 toCool ICE Engine Interface 157. Cool ICE object 138 receives the browseroutput via path 150. The response is converted to HTML protocol andtransferred by web server 136 and world wide web path 134 to bepresented to the user as a modified screen (not shown).

FIG. 7 is a pictographic drawing 178 of the development process forcreating a Cool ICE service. HTML document 180 is created utilizing anycommercially available standard HTML authoring tool (e.g., MicrosoftFrontPage). The resulting HTML document 180 is stored as a normal .HTMfile. This file will be utilized as a template of the service to bedeveloped.

The authoring process moves along path 182 to invoke the administrationmodule of the Cool ICE system at element 184. The new dynamic service iscreated using HTML document 180 stored as a normal .HTM file as atemplate. As HTML document 180 is imported into Cool ICE, sequences ofscript for the beginning and end of the HTML code are automaticallyappended to the service. Required images, if any, are also uploaded ontothe web server (see also FIGS. 5 and 6). The service is edited byinserting additional Cool ICE script, as required. A more detaileddescription of the editing process may be found in Cool ICE User'sGuide, Revision 2.0, available from Unisys Corporation and incorporatedherein by reference.

The completed service script is transferred along path 186 to element188 for storage. The service is stored as a service object in therepository (see also FIGS. 5 and 6). Storage is effected within theappropriate category 190 as discussed above, along with services 192,194, and 196 within the same category.

The process proceeds along path 198 to element 200 for testing. Toperform the testing, the URL for the newly created service is enteredinto the browser of the internet terminal, if known. The typical URL isas follows:

http://machine-name/Cool-ICE/default.asp?Category=Examples &Service=FRME+01

If the URL for the new service is not known, a list of the availableservices may be determined from the Cool ICE system by specifying theCool ICE URL as follows:

http;://machine-name/Cool-ICE

This call will result in a presentation of a menu containing the definedcategories. Selecting a category from the list will result in a menu forthe services defined within that category. The desired service can thusbe selected for testing. Selection of the service by either means willresult in presentation of the HTML page as shown at element 200.

The process proceeds to element 204 via path 202, wherein the HTML pagemay be enhanced. This is accomplished by exporting the HTML documentfrom the Cool ICE administration module to a directory for modification.By proceeding back to HTML document 180 via path 208, the exported HTMLtemplate is available for modification using a standard HTML authoringtool. After satisfactory completion, the finished HTML document is savedfor future use.

FIG. 8 is a diagram showing a comparison between dialog-based structure210 and service-based structure 212. Dialog-based structure 210 is thenorm for the typical existing proprietary data base management system(e.g., Classic MAPPER). The user, normally sitting at a dedicated userterminal, transfers output screen 214 to the data base management systemto request a service. The user terminal and its normally dedicated linkare suspended at element 216 to permit transfer and operation of thedata base management system. The input is validated at element 218,while the user terminal and its normally dedicated link remainssuspended.

The data base management system processes the service request at element220 while the user terminal remains suspended. Output occurs at element222 thereby releasing the suspension of the user terminal. Thus, a truedialog is effected, because one part of the dialog pair (i.e., the userterminal) is suspended awaiting response from the data base managementsystem. This type of dialog is best accomplished in an environmentwherein at least the user terminal (or data base management system) isdedicated to the dialog, along with the link between user terminal anddata base management system.

Service-based structure 212 illustrates one of the basic constraints ofthe world wide web protocol. To ensure that each of the elements on theworld wide web are sufficiently independent and to prevent one elementfrom unduly delaying or “hanging-up” another element to which it iscoupled awaiting a response, the communication protocol forces atermination after each transmission. As can be readily seen, even thesimplest dialog requires at least separate and independent transactionsor services. The first service, Service 224, involves the transmissionsof output form 228 from the internet user terminal. This transmission isimmediately and automatically followed by termination 230 to ensureindependence of the sender and receiver.

The second service, Service 226, enables the receiver of output form 228to process the request and output an appropriate response. Thevalidation of the input at element 232, processing 234, and output 236all occur within the receiver of output form 228. Immediately andautomatically, termination 238 follows. Thus, if internet transactionsare to be linked into a true dialog to permit data base managementfunctions, the state must be saved from one service to the next astaught herein.

In the preferred mode of the present invention, the state of a serviceis saved in the repository (see also FIGS. 4 and 5) for use in the nextor subsequent services.

FIG. 9 is a schematic diagram 240 of the preferred mode of the presentinvention showing normal data flow during operation, with specialattention to the state saving feature. Work station 242 is an industrycompatible personal computer operating under a commonly availableoperating system. Browser 244 is a standard, commercially available webbrowser having frames capability. Path 248 is the normal world wide webpath between work station 242 and web server 254 for the transfer ofservice requests and input data. These transfers are converted by CoolICE object 256 as explained above and sent to Cool ICE Engine Interface259 for disposition.

The service request for data and/or another function is converted intothe data base management language by reference to the service definitionportion of repository 262 through reference along path 276. The actualcommand language of the data base management system is utilized overpath 286 to access data base 264. The resultant data from data base 264is transferred to Cool ICE object 256 via path 288. State manager 260determines whether the original service request requires additionalqueries to data base 264 for completion of the dialog. If yes, theresultant data just received from data base 264 is transferred via path284 to repository 262 for temporary storage, and the next query isinitiated over path 286, and the process is repeated. This is the statesaving pathway which is required to provide the user of the Cool ICEsystem to function in a dialog mode over the world wide web.

Upon receipt of the resultant data from the final query of data base264, state manager 260 determines that the service request is nowcomplete. State manager 260 notifies repository 262 via path 280, andthe intermediate products are retrieved from temporary storage inrepository 262 via path 278 and supplied to Cool ICE service handler 258via path 272 for formatting. State manager 260 then clears theintermediate products from temporary storage in repository 262 via path282. The final response to the service request is sent to Cool ICEobject 256 via path 270 for manipulation, if necessary, and to browser244 via path 250.

FIG. 10 is a detailed diagram 440 showing operation of the securitysystem during the honoring of a service request. The user, operatingindustry compatible, personalized computer, workstation 442, formats aservice requests via commercially available web browser 444. In thepreferred mode of the present invention, this is accomplished by thenmaking a call to the Cool ICE system. The user simply requests access tothe Cool ICE home page by transferring web browser 444 to the URL ofCool ICE system. After the Cool ICE home page has been accessed, one ofthe buttons is clicked requesting a previously defined service request.For additional detail on the service request development process, seeabove and the above referenced commonly assigned, co-pending U.S. PatentApplications.

The service request is transferred to web server 454 via world wide webpath 446. The service request is received by Cool ICE object 462 andtranslated for use within the Cool ICE system. The request is referredto the Cool ICE Engine Interface 471 via path 464. In the preferred modeof practicing the present invention, the Cool ICE Engine Interface 471is equivalent to the MAPPER data base management system. The servicerequest is passed to Cool ICE Service Handler 472 for retrieval of thecommand language script which describes the activities required of thedata base management system to respond to the service request.

Cool ICE Service Handler 472 makes an access request of Cool ICE serviceportion 480 of repository 482 via path 478. It is within Cool ICEservice portion 480 of repository 482 that the command language scriptcorresponding to the service request is stored. The command languagescript is obtained and transferred via path 466 to service handler 472for execution. Along with the command language script, a securityprofile, if any, is stored for the service request. As explained in theabove referenced, commonly assigned, co-pending U.S. Patent Application,the security profile, if required, is added to the command languagescript file at the time of service request development by the servicerequest developer. This security profile identifies which of thepotential service requesters may actually be provided with a completeresponse. The security profile, if any, is similarly transferred toservice handler 472 via path 476.

If no security profile has been identified for the service request,service handler 472 allows the execution of the command language scriptreceived via path 476 through access of remote database 456 via paths458 and 460, as required. The response is transferred to Cool ICE object462 via path 468 for conversion and transfer to workstation 442 viaworld wide web path 450.

However, if a security profile has been identified for the servicerequest, service handler 462 requests the user to provide a user-id viapath 470, Cool ICE object 462, and world wide web path 452. Servicehandler 472 awaits a response via world wide web path 448, Cool ICEobject 462, and path 466. Service handler 472 compares the user-idreceived to the security profile stored with the command languagescript. If the user matches the security profile, access is granted andservice handler 472 proceeds as described above. If the user does notmatch with the stored security profile, the service request is notexecuted and the user is notified via an appropriate message.

FIG. 11 is a detailed flowchart 300 showing the process for authoring aCool ICE service in SQL utilizing the data wizard. Entry is made atelement 302. This is accomplished by the user who enters from the datawizard request on the user's standard browser. The user actually clickson the data wizard button of the Cool ICE home page, which appears ifthe user-id indicates that the user is to have service developmentaccess to Cool ICE. This causes an HTML page to be transmitted to theCool ICE system requesting the initiation of the data wizard scriptwriting tool. The HTML page also indicates whether the request is tocreate a new Cool ICE service or to review (and possibly modify, copy,etc.) an existing Cool ICE service.

If the request is to create a new Cool ICE service as determined byelement 306, control is given via path 308 to element 312 for selectionof the data source. This data source may be co-located with the Cool ICEsystem or may reside at some remote location. Though it is transparentto the user whether the data is co-located, it involves additionalscripting to fetch data from a remote location. Cool ICE supports localdatabases ODBC (CORE level, 32-bit), Oracle, Sybase, Microsoft SQL, andUnisys MAPPER Query Language. Cool ICE supports remote databasesMicrosoft SQL, Informix, ODBC (CORE level, 32-bit drivers), Oracle,Sybase, Ingres, Unisys MAPPER Query Language, Unisys Relational DatabaseManagement System (RDMS), and Unisys A Series Query Language (ASQL). Upto five different data bases may be utilized through the use of the JOINTABLES option.

The security profile is checked and verified at element 334. Asdiscussed more fully in the above identified co-pending applications,this security profile can specify access to a database, a table, or evenan individual column of data within a table (see also FIG. 13). Element338 refines the data base management system query to be used. At thatpoint, the security profile may need to be reverified and control may bereturned to element 334 via path 336. This iterative verification of thesecurity profile is necessary as the query is refined, because therefining process may indicate other data elements which must beaccessed. Of course, this reverification is most likely if the governingsecurity profile specifies access to only individual columns within atable. After the security has been completely verified, element 334creates and displays a table from the specified data sources. A morecomplete description concerning the refining process is found below inreference to FIG. 12.

The completed query is a sequence of command statements scripted in theSQL language, Cool ICE script, or a combination involving Cool ICEreports stored in the repository. It defines all of the data basemanagement system functions which must be executed to properly respondto the to service request made by the user at the internet terminal.This completed query is saved in the repository (see above) by element340. The query may be saved as both a query definition service and as adynamic HTML service along path 342 Thus the completed service may beeasily called for subsequent use.

Following saving of the completed query definition, path 344 permitselement 350 to set a security profile for the service just defined. Thissecurity profile specifies which user-id(s) may access this service. Theservice will not appear on the Cool ICE main menu or on the data wizardservice list for any user-id not thus specified as a user of theservice. The security profile for a given user may be changedsubsequently as described below in more detail.

Path 346 permits execution of a selected query service at element 352.The user may exit data wizard at element 354 via path 348.

When element 306 determines that an initial user request is to view anexisting query definition, path 310 provides control to element 314. Ifthe user-id of the requester matches with the security profile of theexiting query definition, element 314 displays the query definition byformatting and transmitting an HTML screen to the user internetterminal. As explained above, the security profile given to the existingquery definition, if any, will determine whether it will even appear onthe user menu. The user is then given the option via a menu selection ofone of paths 316, 318, 320, 322, 324, or 326.

Path 316 permits creation of a new query definition. Path 318 providesfor copying of an existing query definition. Path 320 producesopportunity to modify an existing query definition. In each of thesethree cases, path 328 gives control to element 312 for creation ormodification of the query definition in accordance with the processdescribed above.

Path 322 provides for removal of the query definition. In this instance,an obsolete query definition may be erased from the repository.

Path 324 is available to change the security profile for a givenselected query definition. Control is given to element 350 via path 330and the security profile is modified as discussed above. Path 326 givesthe user the opportunity to execute an existing query definition.Element 352 receives control from path 332 and executes the existingquery definition as discussed above.

FIG. 12 is a detailed diagram 356 of the query definition refiningprocess wherein elements 358, 360, 376, and 378 correspond to elements334, 338, 340, and 336, respectively, of FIG. 11 Upon presentation ofthe selected data sources table, the query definition may be refined atelement 3608. The options available are:

-   -   1. add a where clause that defines up to five conditions for        retrieving data from the report or table along path 362 or an        order by clause along path 364;    -   2. Sort the table or report according to the data in up to five        columns;    -   3. Analyze and summarize selected data in the report or table        via path 366. For each column a total value, average the data,        select a minimum column value, or select a maximum column value        may be computed.    -   4. Perform calculations on the data via path 368. The data        wizard can compute, compare, and replace numeric data, character        strings, dates, and times in selected columns.    -   5. Reformat or define how the selected data appears when the        Cool ICE service for this query definition is executed via path        370. Using the reformat option enables definition of the column        order, field size, and column headings.    -   6. Create a graph of the data via path 374. The definition of        the graph may be saved as part of the query definition.

Basically, refining a query definition is a three-step process. Thethree steps are: where and order by; analyze, calculate, and reformat;and create a graph or selectively view any or all columns. The usersimply makes the selections on the user menu and clicks on the desiredresult. The data wizard applies the specific refining action andredisplays the resultant screen.

FIG. 13 is a detailed flow diagram 380 of the functions performed by theB Cool ICE administration module (see also FIGS. 4, 5, and 9) for querydefinition. The primary responsibility of Cool ICE administration module382 is to register with the required local and remote data bases neededfor the query definition. Path 384 provides for such registration.

In order for registration to take place, Cool ICE administration promptsthe user with one or more HIM screens for entry of the data needed toidentify and register the data bases. For each data base to be utilized,the user must supply information such as the TCP/IP address, data basetype (e.g., ODBC, MQL, etc.), user-id, user password, and logical namefor this data source within Cool ICE. Access to a particular data basemay be for the entire data base as with path 384, only specified tableswithin the data base as with path 386, or only with specified columnswith specified tables within the data base as with path 388. In eachinstance, the user-id and user password supplied must correspond to theaccess specified.

Path 390 permits the user to create a security profile for the querydefinition. It is axiomatic that the user can define a security profilewhich is more restrictive than the user's own security profile, butcannot define a less restrictive profile. As with all Cool ICE securityprofiles, access may be granted by entire data base, by select tableswithin the data base, or by select columns within select tables withinthe data base.

Security profiles are allocated to individual users via path 392. In atypical application, certain employees might have access to the querydefinition and all of the resulting response, whereas others may haveaccess to the query definition but have access to only a portion (bytable and/or column) of the resulting response. Yet others would bedenied any access.

FIG. 14 is a detailed schematic diagram 394 of query definition usingthe data wizard. The user, at internet workstation 396, activatescommercially available world wide web browser 398 and accesses the CoolICE homepage via world wide web paths 406, 408, and 412 using thepreviously defined URL. The Cool ICE homepage has a button for callingdata wizard 420 for query definition.

Cool ICE data wizard 420 determines the nature of the service request(see also FIG. 11) and begins processing. Paths 414 and 416 enable CoolICE administration module 432 to register the required data bases (seealso FIG. 13). The resulting SQL script generated by data wizard 420 istransferred to repository 438 via path 430 for storage at querydefinition storage area 436.

Execution of an existing data wizard scripted query definition isaccomplished by Cool ICE engine 428 which is essentially the MAPPER database management system in the preferred mode of the present invention.The script is accessed from storage and transferred to Cool ICE engine428 via path 434. Accesses to remote, database(s) 422 is via world wideweb paths 424 and 426.

The resultant report produced by execution of the query definitionscript is transferred to data wizard 420 via path 418 for formatting.The response is then transferred to service handler 402 via path 410 fortransfer via world wide web path 412 as an HTML page which is presentedto the user on workstation 396.

FIG. 15 is a flow diagram showing operation of the Join Service withinCool ICE Data Wizard 500. At element 504, the developer specifies up tofive tables, up to fifty fields, and a defining where clause. Thesedefinitions are provided to Cool ICE Data Wizard Join 506. The joinedresulting data is provided to element 508 to permit other data wizardoperations. The output is produced at element 512. The End user has thejoined and formatted data available at element 514.

FIG. 16 is a detailed flow chart showing the operation of the joinservice. Entry is via path 516 which corresponds to the output of selectdata source 312 (see also FIG. 11). Up to five tables are selected bythe user at element 518. Element 520 checks and displays the selectedtables. The join functions are performed at elements 522 and 524 asshown. Path 526 returns control to element 338 (see FIG. 11). Inaccordance with the preferred mode of the present invention, the databases in the following formats may be joined with the Cool ICE DataWizard Join Service: ODBC;

RDMS (HMP/IX);

RDMS (HMP/IX) UniAccess ODBC;

DMS HMP/IX INFOAccess32 OCBC (level 3.2 or 3.3);

DMS II HMP/NX-InfoAccess32 ODBC (level 4.2);

Oracle;

Microsoft SQL Server;

Sybase Adaptive Server;

Informix; and

Ingres.

FIG. 17 is a detailed flow diagram of the Utrace Architecture. A client,such as Client A (Application 1) 530, Client B (Application 1) 532, andClient C (Application 2) 534 requests tracing services throughUTRACER.DLL 542. The client calls a method from CUTracer 536, CUTracer538, or CUTracer 540 to explicitly turn on tracing, unless the tracingis implicitly turned on when the CUTracer object reads the traceregistry settings for the component.

The activated CUTracer class instantiates an instance of the Utrace COMobject, and based on information from the client, sets client specificproperties in the component. The client also sets properties of thetrace helper class to assist in automatic formatting trace messages. Theclient builds up a trace message using the CUTracer class, and thencalls on a method to send the message.

The CUTracer class does formatting as determined by its properties, andthen invokes one of the IUTrace interface methods (i.e., IUTrace 546,IUTrace 548, or IUTrace 550) from ULTRACE.EXE 544 to trace the message.The Utrace component then writes a line of trace information to thetrace file (i.e., Application 1 Trace File 562 for application 1 orApplication 2 Trace File 564 for application 2). The activities of thetrace session (i.e., trace file open, information gathering, and tracefile close) are under the direction of the application.

FIG. 18 is a table 565 showing the various registry settings inaccordance with the preferred mode of the present invention.

FIG. 19 is a flow chart showing the generic trace process. Tracing maybe initiated manually by client 566 or automatically by application 568.In either situation, element 570 turns on the trace process. Parametersfor the tracing process may be supplied by both the client, via element572, and by the application, via element 574.

Element 576 initiates the UTrace COM object (see also FIG. 17). Thespecific trace object is built at element 578. Element 580 sends themethod call message, and element 582 prepares the class genericformatting. The actual trace is performed at element 584. The trace datais stored at element 586.

FIG. 20A is a table showing the definitions for policy trace flags whichare stored in a registry value. In addition, the application may defineits own set of policy flags that are more appropriate for thatapplication. Through registry settings, the policy may apply to allcomponents of the application. Alternatively, settings are stored in acorresponding registry key.

FIG. 20B is a table showing a typical run-time call. Upon encounteringthis script, the policy for the component is queried for theCI_TRACE_DETAIL policy flag to see if the tracing should actually occur.

FIG. 21 is a detailed flow chart showing branching from the Data WizardMain Menu. The user interface process begins with Data Wizard Main Menu588. A first possible user selection is branch 590 which is used tocreate a new query. The major division for new queries is via path 592for a standard query or via path 594 for a transaction query. Element598 of processor 596 selects the appropriate category. Whether the newquery is based upon a previous query is determined by element 500. Ifno, control is given to the Query Builder at element 606. Otherwise,control is first given to element 602 for selection of the query, beforeelement 606 sends the query request to the Query Builder.

Branch 608 corresponds to the request to edit an existing query. Thecategory is selected at element 610. The process continues by passingcontrol to the query builder at element 612.

Execution of a query cause branching to path 614. Element 616 providesfor selection of a category. Execution and display at element 618follows.

Element 620 provides a path for adding security to a query. A categoryis selected at element 622. The appropriate security profile(s) is addedat element 626 and control is returned to Data Wizard 588 via element628.

Branch 630 provides the path to delete a query. The category is selectedat element 632. The user is given an opportunity to affirm the deletiondecision at element 634. If the user changes his/her mind, path 636returns control to Data Wizard Main Menu 588. Otherwise element 628deletes the query before returning control to element 588.

Help information is provided via path 640 which exits to help topics atelement 642. Branch 644 permits exiting the data wizard. Element 646gives control to Cool ICE Main Menu.

FIG. 22 is a detailed flow chart of the process of building a query.Element 648 provides the entry to the query builder. Path 650 permitsspecification of the variables. Control is returned to query builder 648via element 654. Path 656 provides for selection of the source(s) of thecomponents for construction of the customized user interface. Databaseselection is via element 658. Element 664 provides for selection ofcolumns via path 660 with source returned via path 662. Return to QueryBuilder 648 is via element 666.

Where is selected at element 672 and order is selected at element 686.Paths 668 and 682 specify where and order, respectively. Source isreturned via paths 670 and 684. Elements 672 and 686 exchange where,order, and column information, as shown. Advanced where operations aretransferred via path 674 to element 676 with simple where communicatedvia path 678. Paths 680 and 688 return control to Query Builder 648.Operations 690 are not applicable to transaction queries.

Manipulation of columns is accomplished via path 692. Columns are addedvia element 694 with element 696 returning control to Query Builder 648.Operations 698 are not applicable to transaction queries. Element 702specifies partial columns. Control is returned to Query Builder 648 viaelement 700.

Data manipulation is accomplished along path 704. Element 706 providesfor selection of tasks for calculation (via path 708), analysis (viapath 714), and sorting (via path 716). The columns for calculation areselected via element 710. Element 712 builds the equation(s) toaccomplish the calculation before control is returned via element 728.The remainder of the data manipulation functions (i.e., operations 726)are applicable only to standard queries. Horizontal and verticalanalysis are via elements 722 and 724, respectively, whereas element 720sorts the records. Returns occur via paths 728 and 726.

All of operations 728 involving display from path 730, are applicableonly to standard queries. Element 732 selects table (i.e., path 734),form (i.e., path 736), and graph (i.e., path 738). Specification oftable, form, and graph are by elements 740, 742, and 744, respectively.Similarly, elements 746, 748, and 750 actually display table, form, andgraph, respectively. Return is via element 752.

Operations 754 are applicable only to transaction queries. Path 756provides for insertion, updating, and deletion of records. Element 758makes the appropriate selection. Paths 760, 762, and 764 direct controlto elements 756. 758, and 760 for insertion, updating, and deletion.Paths 766 direct control to switch 768, which directs tables via path770 for display at element 774, and which directs forms via path 772 toelement 776 for display.

FIG. 23 is a detailed flow chart showing conclusion of the process.Entry is via path 786. Element 788 examines the query. Comments are sentto display 792 with responses returned via path 794. Path 796 continues.Element 798 saves the query definition. Element 800 deals only withtransaction queries. Conclusion is via path 802, with return to DataWizard Main Menu via element 804.

FIG. 24 is a schematic view of the Cool ICE Data Wizard home screen.Selection of Execute a Component 806 permits selection ofCategory/Component 816 which results in Execution of the selectedcomponent 826. Similarly, Create 808 permits category selection 818 andentry of component builder 828. Also, Edit/Creation 810 permitsselection 820 and entry of component builder 828.

Modify Security 812 provides selection of Category/Component 822 andProfile Assignment 830. Delete Component 814 offers Category/Componentselection 824 and actual deletion of component 832.

As explained above, a complete service is described as an ordered seriesof Wizard independently of all other steps used to define the service.

FIG. 25 is a schematic view showing interaction between Web Browser 834and the Component Builder. Portion 836 of Web Browser 834 interacts withthe various facilities of the Component Builder. Data Source Selection838 permits the user to Pick Tables, Columns, Order By, and Where 840.Similarly, Column Manipulation 842 provides the user with opportunity toAdd Columns, Show or Hide Columns, and Define Column Order 844.

Actual manipulation of the data is performed by Data Manipulation 846via Sort, Calculate, Analyze, Update Append, and Delete functions 848.Display Control 850 enables the user to Define Properties to Display asTable or Graph 852. Utility function, Save Component 854 does so inaccordance with the user Choose Name and Title 856. Add Security 860provides the user access to Define Profile Membership 858. Cool ICEService Component 862 is specifically addressed by Save Component 854and Add Security 860, as shown.

FIG. 26 is a flow chart showing the over all operation of the Cool ICEData Wizard Select Source. Entry is via element 864. Element 866 mustfirst obtain user specified inputs and identify existing stepinformation if any. Element 868 switches control, as shown, based upontype of prompt. Control may be given to one of UpTblinfo 870, to updatethe table data; UpdColinfo 872, to update a column; UpWhereinfo 874, toupdate Where data; UpdOrderinfo 876, to update data order; orFinishSource 880, to complete processing. Detailed flow charts for eachof these functional elements is provided below.

When the function selected by element 868 has been completed, control isgiven to element 882 for switching in accordance with the next userprompt. In the example, shown, control is given to one of UpThlinfo 884,UpdColinfo 886, UpWhereinfo 888, or UpdOrderinfo 890 to process he nextreceived request. Following all prompts, collector element 892 transferscontrol to element 894 for exit.

FIG. 27 is a detailed flow chart for the UpdTblinfo procedure. Thisprocedure updates the table information. Entry is via element 892. Thetable selection for step data is created at element 894.

Element 896 switches control based upon whether all table updateinformation has been processed. If not, control is given to element 900for insertion of row for “AccessType”. Similarly, element 902 performsinsertion for “DataBase”, and element 906 performs insertion for“Table”. After insertion, element 908 increments the index and returnscontrol to element 896 to determine whether processing has beencompleted. When completed, control is given to element 898 to fetch thetable for updating. Element 904 reflects that procedure UpdateStepDataactually performs the updating. Exit is via element 910.

FIG. 28 is a detailed flow chart for the procedure UpdateStepData (seealso process by comparison and listing. Extraction of copies of columnselection, where clause, and order by clause is accomplished at element916.

Columns are removed at elements 918. Element 920 determines whether eachhas a column from the deleted table list. If yes, element 922 removesthe To corresponding where clause. Control is given to element 924 whichremoves all the columns from a table identified within the deleted tablelist.

Element 926 builds the new table, and element 928 saves it. Exit is viaelement 930.

FIG. 29 is a detailed flow chart of the procedure UpdColinfo (see alsoFIG. 26, element 872). Entry is via element 932. The column selection iscreated at element 934. Element 936 determines whether all columns havebeen processed. If not, control is given to element 942 for insertion ofa row into columnselection. The index is incremented by element 944 andcontrol is returned to element 936 to determine if all processing hasbeen accomplished.

When complete, element 938 receives control and fills the type field ofColumnSection. The updated information is replaced at element 940. Exitis via element 946.

FIG. 30 is a detailed flow chart of procedure UpdWhereinfo (see alsoFIG. 26, element 874). Entry is via element 948. The WhereSection iscreated at element 950. Element 952 determines whether processing hasbeen completed. If so, element 954 replaces existing WhereSection, andexit is via element 958.

If not, element 960 determines next wherelog entry to address. If found,element 962 selects and element 964 inserts row into wheredata table. Ifnot found, element 966 determines if all tried. If no, control is givento element 970. Otherwise, exit is via element 968.

The appropriate column is fetched via element 970. The subtraction isperformed at element 972 with the row insertion accomplished at elements974 and 976. Element 978 determines whether the associated wherevalueexists. If no, control is given to element 990 for incrementation of theindex and return to element 952. If yes, element 980 determines whetherwheresrc exists. If not, control is given to element 990. If yes,element 982 determines whether the wheresrc is equal to the column. Ifno, element 984 inserts the row and transfers control to element 990. Ifyes, element 986 fetches the column and element 988 inserts the row.Control is then given to element 990.

FIG. 31 is a detailed flow chart of procedure UpdOrderinfo (see alsoFIG. 26, element 876). Entry is via element 992. Creation of theordersection is accomplished at element 994. Element 996 makes thecomplex decision of whether while order by exists and orderdir exists.

Element 1004 inserts the appropriate row into the ordersection andreturns control element 996. Otherwise element 998 replaces theordersection info with new data and a return is done.

FIG. 32 is a detailed flow chart of the FinishSource procedure (see alsoFIG. 26, element 880). Entry is via element 1008. The stepdata isfetched at element 1010. Element 1012 determines if all columns areavailable. If no, element 1014 displays and appropriate error messageand exit is accomplished via element 1032.

If all columns are available, element 1016 executes a procedure to checkthe columns. Element 1018 determines if multiple database names havebeen used. If element 1020 determines that the number of rows does notequal one, control is given to element 1030 to retrieve tables and dojoin via MQL. Exit is via element 1032.

If not all columns are available, element 1022 modifies the name valuefield. Element 1024 then determines if access type is MRI. The complexdecision made at element 1028 transfers control to either element 1026or element 1030 based upon whether the number of rows equals one and thevalue field equals MRI.

Element 1026 executes a procedure for building a native composite SQL(standard query language). Element 1030, on the other hand, retrievestables and joins via MQL. In either case, exit is via element 1032.

FIG. 33 is a detailed flow chart showing the procedure for building anative composite SQL (see also FIG. 32, element 1026). Entry is viaelement 1034. The writing of the output is begun at element 1036. Codeis inserted by element 1038. Element 1040 extracts the column section.

Elements 1042 and 1044 insert additional code. The table section isextracted at element 1046. Further code insertion occurs at element1048. The wheresection is extracted from step data at element 1050 andcode for it is inserted at element 1054. The orderby section isextracted by element 1056.

Additional code insertion is accomplished by elements 1058, 1060, 1062,1064, and 1066. The output area is finalized and closed at element 1068.Exit is via element 1070.

FIG. 34 is detailed flow chart of the procedure which retrieves tablesand data join via MQL (see also FIG. 32, element 1030). Entry is viaelement 1072. Element 1074 inserts code into the output area. Tableinformation is extracted from step data at element 1076.

Element 1078 cycles the procedure to accommodate each of the tables. Foreach, element 1082 determines the access type and switches to theappropriate path. Element 1084 renames the current table. Element 1088provides for execution. Renaming is the role of element 1090. Element1092 retrieves the state management report. And element 1094 retrievesthe MRI columns.

Incrementation of the controlling index is performed by element 1096.After all retrieval has been accomplished, control is given to element1080 by element 1978 for the join via MQL. The procedure of element 1086checks for and renames duplicated field names. Exit is via element 1098.

FIG. 35 is a detailed flow chart showing operation of the join via MQLprocedure (see also FIG. 34, element 1080. Entry is via element 1100.The output area writing is begun at element 1102. Code insertion occursat elements 1104, 1108, and 1110. Extraction of the column sectioninformation from step data is at element 1106.

Element 1112 switches control for each result identifier. A line isinserted by element 1114. The delimiter is set at element 1116. Element1118 routes to the next identifier.

Extraction of the where section and order of section from step data isperformed by elements 1120 and 1124. Insertion of code is performed byelements 1122, 1126, 1128, and 1130. Element 1132 closes the selectsource script. Exit is via element 1134.

Having thus described the preferred embodiments of the presentinvention, those of skill in the art will be readily able to adapt theteachings found herein to yet other embodiments within the scope of theclaims hereto attached.

1. In a data processing system having a user terminal operated by auser, the improvement comprising: a. a data base management systemhaving a data base which executes an ordered sequence of commandlanguage script which performs a plurality of data base managementfunctions to modify data within said data base coupled to said userterminal via a publicly accessible digital data communication network;b. wherein said user terminal builds and stores within said data basefor future use a service request specifying said plurality of data basemanagement functions for utilizing said data base management system tomodify data from said data base; and c. a Data Wizard within said database management system which permits said user to build said servicerequest as a table which defines an ordered sequence of discrete andindependent sub tables wherein said sub tables define steps, each ofsaid steps having its own encapsulated environment permitting each ofsaid steps to be created and edited independently of any other step andwherein information stored for any one step does not interact with orinterfere with information stored for another step, and wherein each ofsaid steps corresponds to a different portion of said ordered sequenceof command language script and wherein said Data Wizard presents aplurality of valid steps as choices for addition at each position insaid ordered sequence of discrete and independent sub tables.
 2. Theimprovement according to claim 1 wherein said publicly accessibledigital data communication network further comprises the Internet. 3.The improvement according to claim 2 wherein said user terminal furthercomprises an industry compatible personal computer having a commerciallyavailable browser.
 4. The improvement according to claim 3 wherein saidData Wizard automatically inhibits presentation of any step which wouldnot be valid for the corresponding position within said ordered sequenceof discrete and independent sub tables.
 5. The improvement according toclaim 4 wherein said data base management system is a commerciallyavailable data base management system.
 6. An apparatus comprising: a. auser terminal; b. a data base management system which executes anordered sequence of command language script to modify data within a database responsively coupled to said user terminal via a publiclyaccessible digital data communication network; and c. a Data Wizardresponsively coupled to said user terminal and located within said database management system which permits a user to build for future use aservice request to perform at least one data base management functionfrom said user terminal in accordance with an ordered sequence ofdiscrete and independent steps corresponding to said ordered sequence ofcommand language script to modify data within said data base and whichpresents a plurality of valid steps as choices for addition to saidordered sequence of discrete and independent steps wherein each of saidordered sequence of discrete and independent steps exists within its ownencapsulated environment such that each of said ordered sequence ofdiscrete and independent steps may be user created and modifiedindependently of others of said ordered sequence of discrete andindependent steps.
 7. The apparatus of claim 6 wherein said publiclyaccessible digital data communication network further comprises theInternet.
 8. The apparatus of claim 7 wherein said Data Wizardautomatically inhibits presentation of any invalid step for any givenone of said ordered sequence of discrete and independent steps.
 9. Theapparatus of claim 8 wherein said user terminal further comprises anindustry compatible personal computer containing a web browser.
 10. Theapparatus of claim 9 wherein said data base management system furthercomprises a commercial data base management system.
 11. A method ofdynamically building a service defined by a table which specifies atleast one data base management function to change data within a database from a user terminal coupled via a publicly accessible digital datanetwork to a remote data base management system which responds to anordered sequence of command language script having a component buildingprocess comprising: a. selecting from a larger plurality of potentialsteps and presenting a first plurality of potential steps for changingdata within said data base which are valid for a first position in anordered sequence of steps which define said service; b. modifying achosen one of said first plurality of potential steps using a DataWizard by editing said chosen one of said fist plurality of potentialsteps; c. inserting said chosen one of said first plurality of potentialsteps into said ordered sequence of steps; d selecting from said largerplurality of potential steps and presenting a second plurality ofpotential steps which are valid for a next position in said orderedsequence of steps; e. modifying a chosen one of said second plurality ofpotential steps using a Data Wizard; f. inserting said chosen one ofsaid second plurality of potential steps modified by step e into saidordered sequence of steps; g. repeating steps c and d until said serviceis complete; and h. storing said completed service within said remotedata base management system for future use.
 12. A method according toclaim 11 further wherein each of said presenting steps automaticallyinhibits presentation of any potential step which is not valid for saidnext position within said ordered sequence of steps.
 13. A methodaccording to claim 12 wherein said publicly accessible digital datacommunication network further comprises the world wide web.
 14. A methodaccording to claim 13 wherein said user terminal further comprises anindustry compatible personal computer.
 15. A method according to claim14 wherein said remote data base management system further comprises acommercial data base management system.
 16. An apparatus comprising: a.permitting means for permitting a user to access a publicly accessibledigital data communication network; b. providing means responsivelycoupled to said permitting means via said publicly accessible digitaldata communication network for providing data base management servicesto modify data within a data base in accordance with a servicecorresponding to an ordered sequence of command language script; c.designing means responsively coupled to said permitting means andlocated within said providing means for designing said service to modifysaid data within said data base through specification of an orderedplurality of discreet and independent steps; d. presenting meansresponsively coupled to said designing means for presenting a pluralityof valid potential steps for selection of each of said ordered pluralityof discreet and independent steps wherein each of said ordered pluralityof discreet and independent steps is encapsulated into its ownenvironment such that said each of said ordered plurality of discreetand independent steps may be created and modified by a userindependently of others of said ordered plurality of discreet andindependent steps; and e. storing means for storing said service withinsaid data base for future use.
 17. An apparatus according to claim 16wherein said presenting means further comprises inhibiting means forinhibiting presentation of any step which is invalid for a correspondingposition within said ordered plurality of discreet and independentsteps.
 18. An apparatus according to claim 17 wherein said publiclyaccessible digital data communication network further comprises theInternet.
 19. An apparatus according to claim 18 wherein said providingmeans further comprises a commercial data base management system.
 20. Anapparatus according to claim 19 wherein said permitting means furthercomprises an industry standard personal computer.